| |
| |||||||
Log-Analyse und Auswertung: e-ligatus-com, FireFox öffnet unaufgefordert dubiose InternetseiteWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
17.05.2013, 10:47
| #1 |
 |  e-ligatus-com, FireFox öffnet unaufgefordert dubiose Internetseite Hallo Trojaner-Community, scheinbar hat es mich erwischt, ich habe seit gestern abend das Problem, dass mein Browser (FireFox) in regelmäßigen Abschnitten folgenden Link öffnet: hxxp://e. ligatus. com/LigatusFallback.gif?ids=34088 (Leerzeichen absichtlich eingebaut). Dabei handelt es sich um einen einzigen, weißen Pixel. Ich habe bereits zwei weitere Threads mit selbigem Problem entdeckt: http://www.trojaner-board.de/132879-...com-virus.html http://www.trojaner-board.de/133944-...e-loesung.html Interessant wäre anzumerken, dass ich das Problem heute morgen nicht mehr hatte. Stattdessen war mein WLAN-Adapter deaktiviert und ich musste ihn mit der Windows-Hilfe zurücksetzen. Meinen Router fand er erst, als ich mit meinem Laptop direkt vor ihm stand. Das hatte ich noch nie! Ob das in irgendeinem Zusammenhang steht, ich weiß es nicht. Habe dann ICQ absichtlich ausgelassen. Da ich mich damit aber nicht zufrieden gebe und mit ziemlicher Sicherheit gefährliche Programme ausschließen möchte, hab ich beschlossen, mich an euch zu wenden! Siehe: "Das Verschwinden der Symptome bedeutet nicht, dass der PC auch wirklich sauber ist." Meine Alternative wäre eine vollständig System-Neuaufsetzung. Wie dem auch sein, hier meine Ergebnisse aus http://www.trojaner-board.de/69886-a...-beachten.html Vielen Dank schon mal! Ich schätze eure Arbeit wirklich sehr und konnte mir hier schon vieles aneignen! Schritt 1 Defogger hat keine Fehlermeldung ausgegeben, auch ein Neustart wurde nicht gefordert. Schritt 2 OTL.txt Code:
ATTFilter OTL logfile created on: 17.05.2013 10:42:45 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Philipp\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16576) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,75 Gb Total Physical Memory | 0,98 Gb Available Physical Memory | 56,28% Memory free 3,50 Gb Paging File | 2,56 Gb Available in Paging File | 73,13% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 186,21 Gb Total Space | 81,46 Gb Free Space | 43,74% Space Free | Partition Type: NTFS Computer Name: COMPUTER | User Name: Philipp | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.05.17 10:41:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Philipp\Desktop\OTL.exe PRC - [2013.05.03 19:29:48 | 001,105,408 | ---- | M] (Spotify Ltd) -- C:\Users\Philipp\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe PRC - [2013.04.23 09:48:17 | 003,574,624 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe PRC - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.11.23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2012.06.16 04:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Programme\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010.11.20 04:17:58 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe ========== Modules (No Company Name) ========== MOD - [2013.05.15 18:22:45 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll MOD - [2013.05.15 18:21:51 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll MOD - [2013.02.14 14:23:47 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\8bb2120d5a48b10e27fe82ad5d3fb982\System.Web.ni.dll MOD - [2013.01.11 15:11:10 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll MOD - [2013.01.11 15:10:21 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll MOD - [2013.01.11 15:10:18 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d908c91e24616e6b8d38c9da61038b25\Accessibility.ni.dll MOD - [2013.01.11 15:09:55 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll MOD - [2013.01.11 15:09:48 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll MOD - [2013.01.11 15:09:39 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll MOD - [2012.07.10 20:51:08 | 001,728,512 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3693.42460__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll MOD - [2012.07.10 20:51:08 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3693.42537__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll MOD - [2012.07.10 20:51:08 | 000,364,544 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.3693.42522__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll MOD - [2012.07.10 20:51:08 | 000,290,816 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3693.42442__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll MOD - [2012.07.10 20:51:08 | 000,204,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3693.42461__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll MOD - [2012.07.10 20:51:08 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3693.42517__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll MOD - [2012.07.10 20:51:08 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3693.42450__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll MOD - [2012.07.10 20:51:08 | 000,069,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3693.42499__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll MOD - [2012.07.10 20:51:08 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3693.42456__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll MOD - [2012.07.10 20:51:08 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3693.42486__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll MOD - [2012.07.10 20:51:08 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3693.42451__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll MOD - [2012.07.10 20:51:08 | 000,011,776 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Runtime\2.0.3693.42552__90ba9c70f846762e\CLI.Caste.HydraVision.Runtime.dll MOD - [2012.07.10 20:51:08 | 000,008,704 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Shared\2.0.3693.42552__90ba9c70f846762e\CLI.Caste.HydraVision.Shared.dll MOD - [2012.07.10 20:51:08 | 000,007,680 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Wizard\2.0.3693.42556__90ba9c70f846762e\CLI.Caste.HydraVision.Wizard.dll MOD - [2012.07.10 20:51:08 | 000,007,680 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Dashboard\2.0.3693.42552__90ba9c70f846762e\CLI.Caste.HydraVision.Dashboard.dll MOD - [2012.07.10 20:51:07 | 000,811,008 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3693.42488__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll MOD - [2012.07.10 20:51:07 | 000,405,504 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3693.42512__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll MOD - [2012.07.10 20:51:07 | 000,364,544 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3693.42504__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll MOD - [2012.07.10 20:51:07 | 000,139,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3693.42537__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll MOD - [2012.07.10 20:51:07 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3693.42504__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll MOD - [2012.07.10 20:51:07 | 000,081,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3693.42487__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll MOD - [2012.07.10 20:51:07 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3693.42503__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll MOD - [2012.07.10 20:51:07 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3693.42536__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll MOD - [2012.07.10 20:51:06 | 000,798,720 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.3693.42518__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll MOD - [2012.07.10 20:51:06 | 000,712,704 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3693.42452__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll MOD - [2012.07.10 20:51:06 | 000,589,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3693.42462__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll MOD - [2012.07.10 20:51:06 | 000,438,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3693.42487__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll MOD - [2012.07.10 20:51:06 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3693.42498__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll MOD - [2012.07.10 20:51:06 | 000,307,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3693.42466__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll MOD - [2012.07.10 20:51:06 | 000,225,280 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3693.42462__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll MOD - [2012.07.10 20:51:06 | 000,126,976 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3693.42496__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll MOD - [2012.07.10 20:51:06 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3693.42486__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll MOD - [2012.07.10 20:51:06 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3693.42466__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll MOD - [2012.07.10 20:51:06 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3693.42487__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll MOD - [2012.07.10 20:51:06 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3693.42496__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll MOD - [2012.07.10 20:51:06 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3693.42497__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll MOD - [2012.07.10 20:51:06 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll MOD - [2012.07.10 20:51:06 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3309.28608__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll MOD - [2012.07.10 20:51:06 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3309.28629__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll MOD - [2012.07.10 20:51:06 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3309.28645__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll MOD - [2012.07.10 20:51:06 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll MOD - [2012.07.10 20:51:06 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3309.28627__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll MOD - [2012.07.10 20:51:06 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll MOD - [2012.07.10 20:51:05 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3309.28601__90ba9c70f846762e\LOG.Foundation.dll MOD - [2012.07.10 20:51:05 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3309.28603__90ba9c70f846762e\NEWAEM.Foundation.dll MOD - [2012.07.10 20:51:05 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3309.28630__90ba9c70f846762e\DEM.OS.I0602.dll MOD - [2012.07.10 20:51:05 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3309.28626__90ba9c70f846762e\MOM.Foundation.dll MOD - [2012.07.10 20:51:05 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.3309.28645__90ba9c70f846762e\DEM.OS.dll MOD - [2012.07.10 20:51:05 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll MOD - [2012.07.10 20:51:05 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll MOD - [2012.07.10 20:51:04 | 000,503,808 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3693.42564__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll MOD - [2012.07.10 20:51:04 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3309.28604__90ba9c70f846762e\CLI.Foundation.dll MOD - [2012.07.10 20:51:04 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll MOD - [2012.07.10 20:51:04 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3309.28618__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll MOD - [2012.07.10 20:51:04 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll MOD - [2012.07.10 20:51:04 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll MOD - [2012.07.10 20:51:04 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll MOD - [2012.07.10 20:51:04 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll MOD - [2012.07.10 20:51:04 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll MOD - [2012.07.10 20:51:04 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3693.42545__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll MOD - [2012.07.10 20:51:04 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3309.28644__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll MOD - [2012.07.10 20:51:04 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll MOD - [2012.07.10 20:51:04 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3309.28624__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll MOD - [2012.07.10 20:51:04 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3309.28669__90ba9c70f846762e\CLI.Foundation.XManifest.dll MOD - [2012.07.10 20:51:04 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3309.28644__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll MOD - [2012.07.10 20:51:04 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3309.28632__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll MOD - [2012.07.10 20:51:04 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll MOD - [2012.07.10 20:51:04 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3309.28627__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll MOD - [2012.07.10 20:51:04 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3309.28635__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll MOD - [2012.07.10 20:51:04 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll MOD - [2012.07.10 20:51:04 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3309.28620__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll MOD - [2012.07.10 20:51:04 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll MOD - [2012.07.10 20:51:04 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3309.28611__90ba9c70f846762e\CLI.Component.Client.Shared.dll MOD - [2012.07.10 20:51:04 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll MOD - [2012.07.10 20:51:04 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3309.28626__90ba9c70f846762e\APM.Foundation.dll MOD - [2012.07.10 20:51:04 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3309.28630__90ba9c70f846762e\DEM.Graphics.dll MOD - [2012.07.10 20:51:04 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll MOD - [2012.07.10 20:51:04 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll MOD - [2012.07.10 20:51:04 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3309.28631__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll MOD - [2012.07.10 20:51:04 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll MOD - [2012.07.10 20:51:04 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Server.Shared.dll MOD - [2012.07.10 20:51:03 | 000,544,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3693.42525__90ba9c70f846762e\CLI.Component.Systemtray.dll MOD - [2012.07.10 20:51:03 | 000,405,504 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3693.42455__90ba9c70f846762e\CLI.Component.Wizard.dll MOD - [2012.07.10 20:51:03 | 000,106,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3693.42531__90ba9c70f846762e\MOM.Implementation.dll MOD - [2012.07.10 20:51:03 | 000,081,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3693.42440__90ba9c70f846762e\CLI.Component.Runtime.dll MOD - [2012.07.10 20:51:03 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3693.42530__90ba9c70f846762e\LOG.Foundation.Implementation.dll MOD - [2012.07.10 20:51:03 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3693.42441__90ba9c70f846762e\CLI.Component.SkinFactory.dll MOD - [2012.07.10 20:51:03 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3309.28628__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll MOD - [2012.07.10 20:51:03 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3309.28608__90ba9c70f846762e\CLI.Foundation.Private.dll MOD - [2012.07.10 20:51:03 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3309.28614__90ba9c70f846762e\LOG.Foundation.Private.dll MOD - [2012.07.10 20:51:03 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3309.28627__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll MOD - [2012.07.10 20:51:03 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3309.28612__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll MOD - [2012.07.10 20:51:03 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3309.28626__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll MOD - [2012.07.10 20:51:03 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3309.28624__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll MOD - [2012.07.10 20:51:03 | 000,014,848 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll MOD - [2012.07.10 20:51:03 | 000,013,312 | ---- | M] () -- C:\Windows\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll MOD - [2012.07.10 20:51:03 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3693.42437__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll MOD - [2012.07.10 20:51:02 | 001,142,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3693.42446__90ba9c70f846762e\CLI.Component.Dashboard.dll MOD - [2012.07.10 20:51:02 | 000,081,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3693.42440__90ba9c70f846762e\ATIDEMOS.dll MOD - [2012.07.10 20:51:02 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3693.42439__90ba9c70f846762e\APM.Server.dll MOD - [2012.07.10 20:51:02 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3693.42438__90ba9c70f846762e\AEM.Server.dll MOD - [2012.07.10 20:51:02 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3309.28621__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll MOD - [2012.07.10 20:51:02 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll MOD - [2012.07.10 20:51:02 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3693.42531__90ba9c70f846762e\CCC.Implementation.dll MOD - [2012.07.10 20:51:02 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3309.28637__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll MOD - [2012.05.30 20:06:48 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2012.05.30 20:06:30 | 001,242,512 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2010.11.13 02:02:22 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll MOD - [2010.11.13 02:02:21 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010.11.04 17:59:42 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll MOD - [2009.11.24 13:36:36 | 000,016,384 | R--- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll ========== Services (SafeList) ========== SRV - [2013.05.15 16:11:30 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.04.23 09:48:17 | 003,574,624 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8) SRV - [2013.04.12 17:22:25 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.07.03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.06.16 04:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe -- (NIS) SRV - [2010.11.20 04:17:58 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2003.07.28 21:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt) DRV - [2013.04.13 01:53:06 | 001,000,024 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\BASHDefs\20130502.001\BHDrvx86.sys -- (BHDrvx86) DRV - [2013.02.05 16:44:28 | 001,603,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20130516.025\NAVEX15.SYS -- (NAVEX15) DRV - [2013.02.05 16:44:28 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl) DRV - [2013.02.05 16:44:28 | 000,093,296 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20130516.025\NAVENG.SYS -- (NAVENG) DRV - [2012.09.01 02:27:25 | 000,386,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\IPSDefs\20130516.001\IDSvix86.sys -- (IDSVix86) DRV - [2012.08.09 10:31:58 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2012.07.11 15:44:03 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent) DRV - [2012.07.06 04:17:57 | 000,574,112 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\NIS\1309010.00E\srtsp.sys -- (SRTSP) DRV - [2012.07.06 04:17:57 | 000,032,928 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1309010.00E\srtspx.sys -- (SRTSPX) DRV - [2012.06.07 06:43:43 | 000,132,768 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1309010.00E\ccsetx86.sys -- (ccSet_NIS) DRV - [2012.05.22 03:37:12 | 000,924,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\NIS\1309010.00E\symefa.sys -- (SymEFA) DRV - [2012.04.18 04:13:32 | 000,318,584 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1309010.00E\symnets.sys -- (SymNetS) DRV - [2012.04.18 03:42:14 | 000,149,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1309010.00E\ironx86.sys -- (SymIRON) DRV - [2011.12.13 03:32:24 | 002,228,224 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2011.08.16 00:51:40 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NIS\1309010.00E\symds.sys -- (SymDS) DRV - [2010.11.20 02:24:42 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.11.20 01:59:46 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010.02.11 09:42:22 | 004,450,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2009.09.28 09:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7) DRV - [2009.07.14 00:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2007.04.26 03:15:26 | 000,007,680 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2B 16 C3 49 17 F0 CD 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130402 FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.8 FF - prefs.js..extensions.enabledAddons: %7BBBDA0591-3099-440a-AA10-41764D9DB4DB%7D:11.3.0.9%20-%205 FF - prefs.js..extensions.enabledAddons: %7B2D3F3651-74B9-4795-BDEC-6DA2F431CB62%7D:2012.5.14.2 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1 FF - prefs.js..network.proxy.backup.ftp: "200.89.155.203" FF - prefs.js..network.proxy.backup.ftp_port: 8080 FF - prefs.js..network.proxy.backup.socks: "200.89.155.203" FF - prefs.js..network.proxy.backup.socks_port: 8080 FF - prefs.js..network.proxy.backup.ssl: "200.89.155.203" FF - prefs.js..network.proxy.backup.ssl_port: 8080 FF - prefs.js..network.proxy.ftp: "200.89.155.203" FF - prefs.js..network.proxy.ftp_port: 8080 FF - prefs.js..network.proxy.http: "200.89.155.203" FF - prefs.js..network.proxy.http_port: 8080 FF - prefs.js..network.proxy.no_proxies_on: "" FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: "200.89.155.203" FF - prefs.js..network.proxy.socks_port: 8080 FF - prefs.js..network.proxy.ssl: "200.89.155.203" FF - prefs.js..network.proxy.ssl_port: 8080 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\IPSFFPlgn\ [2012.07.11 15:44:50 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\coFFPlgn\ [2013.05.17 10:09:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.05.06 16:15:54 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.07.10 18:19:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Philipp\AppData\Roaming\mozilla\Extensions [2013.05.08 19:07:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\6j1vn3ai.default\extensions [2013.04.02 21:37:29 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\6j1vn3ai.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013.04.05 21:53:18 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\6j1vn3ai.default\extensions\ich@maltegoetz.de [2013.05.08 19:07:28 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Philipp\AppData\Roaming\mozilla\firefox\profiles\6j1vn3ai.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.10.17 19:24:16 | 000,002,471 | ---- | M] () -- C:\Users\Philipp\AppData\Roaming\mozilla\firefox\profiles\6j1vn3ai.default\searchplugins\safesearch.xml [2013.05.06 16:15:54 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2013.05.17 10:09:10 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\COFFPLGN [2012.07.11 15:44:50 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\IPSFFPLGN [2013.04.10 08:57:39 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2013.04.10 10:18:46 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.04.10 10:18:46 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2013.04.10 10:18:46 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2013.04.10 10:18:46 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2013.04.10 10:18:46 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2013.04.10 10:18:46 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton Internet Security\Engine\19.9.1.14\coieplg.dll (Symantec Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton Internet Security\Engine\19.9.1.14\ips\ipsbho.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Engine\19.9.1.14\coieplg.dll (Symantec Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe () O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [Power2GoExpress] NA File not found O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Philipp\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Philipp\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Programme\ICQ7M\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Programme\ICQ7M\ICQ.exe (ICQ, LLC.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0422543C-2CBB-408C-99AE-684A0D413F2D}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E398825B-550D-4530-90B6-CA72F60E7489}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{1a9a8e92-e969-11e1-aa85-001377642a33}\Shell - "" = AutoRun O33 - MountPoints2\{1a9a8e92-e969-11e1-aa85-001377642a33}\Shell\AutoRun\command - "" = E:\Startme.exe O33 - MountPoints2\{d3c5b833-eb65-11e1-a442-001377642a33}\Shell - "" = AutoRun O33 - MountPoints2\{d3c5b833-eb65-11e1-a442-001377642a33}\Shell\AutoRun\command - "" = E:\HTC_Sync_Manager_PC.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.05.17 10:41:13 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Philipp\Desktop\OTL.exe [2013.05.14 13:02:27 | 000,000,000 | ---D | C] -- C:\Users\Philipp\Desktop\01 play3-Show 06-2013 [2013.05.09 11:14:22 | 000,000,000 | RH-D | C] -- C:\Users\Philipp\AppData\Roaming\SecuROM [2013.05.09 11:14:03 | 000,000,000 | ---D | C] -- C:\Users\Philipp\Documents\Electronic Arts [2013.05.06 19:01:24 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core [2013.05.06 18:28:55 | 000,447,752 | ---- | C] (On2.com) -- C:\Windows\System32\vp6vfw.dll [2013.05.06 16:35:27 | 000,000,000 | ---D | C] -- C:\Program Files\Origin Games [2013.05.06 16:35:27 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\Origin [2013.05.06 16:35:20 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Local\Origin [2013.05.06 16:33:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin [2013.05.06 16:33:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin [2013.05.06 16:33:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts [2013.05.06 16:32:49 | 000,000,000 | ---D | C] -- C:\Program Files\Origin [2013.05.04 15:39:58 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games [2013.05.04 15:39:11 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maxis [2013.05.04 15:39:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maxis [2013.05.04 15:22:28 | 000,000,000 | ---D | C] -- C:\Program Files\Maxis [2013.04.18 16:49:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\USB2.0 Capture Device [2013.04.18 10:52:56 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft [2013.04.18 10:52:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.05.17 10:41:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Philipp\Desktop\OTL.exe [2013.05.17 10:37:55 | 000,000,000 | ---- | M] () -- C:\Users\Philipp\defogger_reenable [2013.05.17 10:35:47 | 000,050,477 | ---- | M] () -- C:\Users\Philipp\Desktop\Defogger.exe [2013.05.17 10:31:01 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.05.17 10:15:42 | 000,014,336 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.05.17 10:15:42 | 000,014,336 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.05.17 10:13:40 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.05.17 10:13:40 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.05.17 10:13:40 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.05.17 10:13:40 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.05.17 10:11:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.05.17 10:08:12 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.05.17 10:07:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.05.17 10:07:47 | 1407,848,448 | -HS- | M] () -- C:\hiberfil.sys [2013.05.16 22:34:51 | 000,387,289 | ---- | M] () -- C:\Users\Philipp\Desktop\Unbenannt.png [2013.05.16 12:28:25 | 013,949,173 | ---- | M] () -- C:\Users\Philipp\Desktop\Cannonball (Original Mix).mp3 [2013.05.15 18:20:43 | 000,436,344 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.05.15 16:34:32 | 136,507,586 | ---- | M] () -- C:\Users\Philipp\Desktop\Hardwell at Ultra Music Festival 2013.mp3 [2013.05.15 16:33:21 | 234,977,676 | ---- | M] () -- C:\Users\Philipp\Desktop\Tomorrowland 2013 - Official WarmUp.mp3 [2013.05.14 10:37:14 | 015,049,642 | ---- | M] () -- C:\Users\Philipp\Desktop\The Playbook by Barney Stinson.pdf [2013.05.10 16:48:35 | 000,001,136 | ---- | M] () -- C:\Users\Philipp\Desktop\TeamViewer 8.lnk [2013.05.06 18:27:38 | 000,002,246 | ---- | M] () -- C:\Users\Public\Desktop\Die*Sims™*3.lnk [2013.05.06 18:25:24 | 000,447,752 | ---- | M] (On2.com) -- C:\Windows\System32\vp6vfw.dll [2013.05.06 16:33:06 | 000,000,941 | ---- | M] () -- C:\Users\Philipp\Desktop\Origin.lnk [2013.05.04 15:39:07 | 000,000,578 | ---- | M] () -- C:\Windows\eReg.dat [2013.04.30 23:14:13 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.05.17 10:37:55 | 000,000,000 | ---- | C] () -- C:\Users\Philipp\defogger_reenable [2013.05.17 10:35:45 | 000,050,477 | ---- | C] () -- C:\Users\Philipp\Desktop\Defogger.exe [2013.05.16 22:34:51 | 000,387,289 | ---- | C] () -- C:\Users\Philipp\Desktop\Unbenannt.png [2013.05.16 12:25:40 | 013,949,173 | ---- | C] () -- C:\Users\Philipp\Desktop\Cannonball (Original Mix).mp3 [2013.05.14 14:07:03 | 136,507,586 | ---- | C] () -- C:\Users\Philipp\Desktop\Hardwell at Ultra Music Festival 2013.mp3 [2013.05.14 13:39:52 | 234,977,676 | ---- | C] () -- C:\Users\Philipp\Desktop\Tomorrowland 2013 - Official WarmUp.mp3 [2013.05.14 10:33:21 | 015,049,642 | ---- | C] () -- C:\Users\Philipp\Desktop\The Playbook by Barney Stinson.pdf [2013.05.10 16:48:35 | 000,001,136 | ---- | C] () -- C:\Users\Philipp\Desktop\TeamViewer 8.lnk [2013.05.10 16:46:37 | 000,001,136 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk [2013.05.06 18:27:36 | 000,002,246 | ---- | C] () -- C:\Users\Public\Desktop\Die*Sims™*3.lnk [2013.05.06 16:33:06 | 000,000,941 | ---- | C] () -- C:\Users\Philipp\Desktop\Origin.lnk [2013.05.04 15:39:07 | 000,000,578 | ---- | C] () -- C:\Windows\eReg.dat [2013.04.30 23:14:13 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf [2012.09.01 16:49:51 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2012.07.29 20:09:21 | 000,002,698 | ---- | C] () -- C:\Users\Philipp\AppData\Local\recently-used.xbel [2012.07.12 18:59:36 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI [2012.07.12 18:59:36 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2012.07.11 14:56:03 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.04.19 09:08:46 | 141,590,843 | ---- | C] () -- C:\Program Files\openofficeorg1.cab [2012.04.19 08:59:52 | 000,473,600 | ---- | C] () -- C:\Program Files\setup.exe [2012.04.19 08:59:50 | 000,000,290 | ---- | C] () -- C:\Program Files\setup.ini [2012.04.19 08:59:48 | 003,125,248 | ---- | C] () -- C:\Program Files\openofficeorg34.msi ========== ZeroAccess Check ========== [2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 04:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.09.07 08:31:45 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Amazon [2012.09.02 16:59:40 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Audacity [2013.04.18 10:52:56 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\DVDVideoSoft [2012.07.10 18:16:53 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\DVDVideoSoftIEHelpers [2012.08.21 11:00:56 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\HTC [2013.05.16 22:38:03 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\ICQ [2012.07.12 17:31:24 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\LolClient [2013.03.16 21:29:18 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Mp3tag [2012.08.08 10:54:15 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\OpenOffice.org [2013.05.09 11:13:54 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Origin [2012.09.23 17:53:13 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\pdfforge [2012.08.18 22:02:24 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Sony [2013.05.14 17:29:58 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Spotify [2012.11.09 17:28:04 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\TeamViewer [2012.08.14 14:03:50 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\TS3Client [2012.09.02 11:54:47 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\XMedia Recode ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 17.05.2013 10:42:45 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Philipp\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,75 Gb Total Physical Memory | 0,98 Gb Available Physical Memory | 56,28% Memory free
3,50 Gb Paging File | 2,56 Gb Available in Paging File | 73,13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 186,21 Gb Total Space | 81,46 Gb Free Space | 43,74% Space Free | Partition Type: NTFS
Computer Name: COMPUTER | User Name: Philipp | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{112D5523-102F-4858-91C0-147E5F9C1EA9}" = lport=445 | protocol=6 | dir=in | app=system |
"{15C99FC5-541E-4075-943D-E0E414339735}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{1EEC5D51-13A8-4AD3-81BC-7AF09C482F10}" = lport=2869 | protocol=6 | dir=in | app=system |
"{271F4A1E-ED84-4757-AEF6-FB5F694EBD66}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3C26D654-74FB-43D9-B767-E189E88C92FC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3CA90D9B-FD9D-485B-9525-7E5F199A7D3E}" = rport=139 | protocol=6 | dir=out | app=system |
"{447C2355-3C8C-4933-91CC-6BAD7CE5A3B8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{47ACFC59-8F32-4090-8947-CCEC38447FAB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5582B9D2-40B8-466F-9863-68FB76E72540}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6B061F37-8F21-4997-90DB-8B0783E13814}" = lport=10243 | protocol=6 | dir=in | app=system |
"{7A562732-51DB-4AC7-B768-78A861A08EFB}" = lport=139 | protocol=6 | dir=in | app=system |
"{80F321B8-78C7-407D-B489-526B2E00A267}" = lport=138 | protocol=17 | dir=in | app=system |
"{845C350C-ADE9-43F0-A919-A5201930465B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8937517C-BE00-4994-92AB-36EF61897A17}" = lport=137 | protocol=17 | dir=in | app=system |
"{8A3E6FB7-F7BC-4E95-B5D6-5CDC59B5B253}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9D47EB70-CD16-49A4-AAC9-B8740189EF87}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B81717A2-5279-4137-B4E9-F1A32FBCFD5A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C00A7B61-BB39-4DBC-A652-1933243CAF4E}" = rport=138 | protocol=17 | dir=out | app=system |
"{C145BF46-D6B0-4461-8CCC-E0FAE4CFAD2A}" = rport=137 | protocol=17 | dir=out | app=system |
"{C3D5597A-1911-4B5F-AC64-9BCD9DACC994}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EA0D5A43-CD0E-4B1C-A785-A55BC893ECCE}" = rport=445 | protocol=6 | dir=out | app=system |
"{F2D2CAC6-9FCF-413D-888F-EE8173EE4A24}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F6396439-3A88-4835-9B58-225BAE1BDC43}" = rport=10243 | protocol=6 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0539C5D9-C96D-4C32-87C2-B9C320132379}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe |
"{13B552B1-E0AE-40EB-8311-9BD0358EF008}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{156FAE62-E997-40EA-9B55-2E24F5D78952}" = protocol=17 | dir=in | app=c:\program files\icq7m\icq.exe |
"{1613CCFC-5F2D-4339-848D-4AC9F4A7C784}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{19090D4B-9FD2-48A4-99C6-4AA1AEFEC26D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{1A15AD5C-B39F-457B-83E8-C788E9395DA7}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe |
"{1C7DD64C-A1B1-4D75-9765-0003D225087E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1F842C06-6F6E-463B-B4D4-1E150DB61373}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{2363E4B4-E2FE-43F2-A02A-7BB4BA5FC74E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2A328493-1236-4B76-B687-EAA54A13B9A3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2FBDEE85-60B5-4E60-9D5C-075EE53CE837}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{3769AED6-E113-4771-ABF5-DD6EA729F04A}" = dir=in | name=youtubecdn |
"{3806AA95-DFED-4F8D-B058-906135059F47}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3B1761F5-120A-4637-89BB-81196F3B2889}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{4F1215EE-4405-45B8-8413-660F805E8BCD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{50349AA2-9A6F-44B3-BBDC-C008DCDAEBCB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{566DC68B-42EE-4FB3-B6C3-C7B566D34C97}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{5F9E6C56-BF2F-455B-86EE-3AAEEC2274E4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6D1C27D1-AFB5-430E-9CFA-99DBD8915945}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{6F52C18B-C019-4C5E-BE33-F580C2359238}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{6FA5CF64-4980-4BB8-A94F-9BECA0B6A3CC}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe |
"{7CB08A22-B870-439E-A29E-13135A791118}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7E0115E0-0EBF-43F8-A1F3-A41A178C478E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7FADBECD-10F9-40A8-A719-5AE11DB41A1E}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{865D08F9-6A9E-4C1B-8F8E-55F6C9372C41}" = protocol=6 | dir=in | app=c:\program files\icq7m\icq.exe |
"{98F84E52-9BA4-4035-96B2-ABAC11836CA3}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe |
"{9F752237-AB26-4B86-867A-324A6BD8C7FE}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{A5089C7D-EECB-4430-8174-ABAF4528551F}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{AAC3FADF-3836-4BD8-9022-F222D4968FFC}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{ACCADBDE-9C5C-4824-AA9E-B32AE21D2D11}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{AE095EF9-E86F-4D6F-BE08-57CDBDB2F916}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{B3D3540D-DAD9-4A1C-858F-1E3895AA2D6A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C0D130F4-7009-4B81-BEB8-66A2BDD4CFE0}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{C0FD0A48-6BD2-4CFD-BE34-3D378A141C11}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CD6E3048-9549-4616-BFFE-1FA2BBC26F99}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe |
"{CF288D36-F1D1-4877-A98C-4F3E5C394E49}" = protocol=6 | dir=in | app=c:\program files\icq7m\icq.exe |
"{D84213EA-A57A-4643-9977-114629AD3EA9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E3C8CB81-F3ED-4AF9-B3FD-9A6768A5B44F}" = protocol=6 | dir=out | app=system |
"{E4E34717-59B7-4D25-BFF6-2ED3BE19EB4C}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{EBF3A48A-108D-4780-9926-7730F9B18120}" = protocol=17 | dir=in | app=c:\program files\icq7m\icq.exe |
"{FCDC3C63-21FB-4585-8444-AD13CB267188}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{44F9F3EC-294F-4556-8609-A967F094A53A}C:\users\philipp\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\philipp\appdata\roaming\spotify\spotify.exe |
"TCP Query User{C0409DBF-E64F-4486-93BF-2DD2B4AB9B2C}C:\program files\icq7m\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7m\icq.exe |
"UDP Query User{3F06408D-1DFB-4920-AEEF-C092722903F6}C:\program files\icq7m\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7m\icq.exe |
"UDP Query User{FF68D683-7299-42F2-8C81-E83AA58FC703}C:\users\philipp\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\philipp\appdata\roaming\spotify\spotify.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{0FFAC7BB-50DC-CB54-6CA7-A8B74513280B}" = CCC Help Chinese Traditional
"{10798AE3-DCBB-43C3-9C93-C23512427E25}" = Die Sims Deluxe
"{1C802083-6D79-78ED-BF1C-601DDF908DD1}" = Catalyst Control Center Core Implementation
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{282C4EAA-F162-F52F-7BAF-C7B50DAAA00A}" = ccc-utility
"{28728178-FF15-218B-0B63-012692F42C28}" = CCC Help Danish
"{32851025-1E46-83A3-1320-471619254E39}" = Catalyst Control Center Localization All
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40217B2F-462B-94A4-E84E-6A1C6EDBCE2F}" = CCC Help Swedish
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0
"{47FDEFC7-BFE6-FD75-41D1-28DD572BD2D9}" = ATI Catalyst Install Manager
"{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4
"{5343A801-92E5-C234-9F27-AB27EC738BF6}" = CCC Help Japanese
"{5D22226D-EBC1-C95F-7746-2E3A9F4C97BA}" = CCC Help Russian
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{600C37F2-098B-A165-C1DB-6AE2B89D8D49}" = Catalyst Control Center Graphics Previews Common
"{61F8CA2C-9A80-8A1B-D3B9-347530CB387F}" = CCC Help Norwegian
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{674B407D-EAB1-B6B6-F9BF-C34CEE4CD83F}" = Catalyst Control Center Graphics Light
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{69F411C5-4851-6DA9-EA4C-160BEF8788AA}" = CCC Help French
"{6DD27E54-2598-0FEC-7CE1-BE00924C0570}" = Catalyst Control Center Graphics Previews Vista
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{781B39EC-2E18-41FC-9B00-B84E4FFCA85F}" = ICQ7M
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7C27114E-6FC8-21F5-E501-FE48F09243DF}" = CCC Help Dutch
"{80237C20-CBF3-F841-4AD5-E727AA86FBD1}" = CCC Help Italian
"{802EE127-D32A-1447-09DC-77419772BCDC}" = CCC Help Portuguese
"{836AFA32-7B8B-2C19-99D9-36EF32B42EB8}" = CCC Help Thai
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CC68433-5837-4075-B81F-EA7E4F14CE60}" = iCloud
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{946942CB-D078-F33A-A3CD-27E0393507FD}" = CCC Help Turkish
"{9682B99B-BB28-AD37-CA50-C1CB5BFF0FA6}" = Catalyst Control Center Graphics Full New
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DBCF44B-77AC-81D8-0F8E-1E60D6330AC2}" = Catalyst Control Center InstallProxy
"{A02CC93A-134F-0319-1438-B1E895B52577}" = CCC Help German
"{A7E1ADB8-162B-7C33-60FB-0561A17BD876}" = CCC Help Spanish
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96EEF55-155C-552E-ABB1-6FDAEF5BD944}" = CCC Help Polish
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{ADB25FF0-AEC4-2CFB-130C-2C60D80C5934}" = CCC Help Greek
"{B04D5DA5-11DA-830C-85C6-0FF9185787E7}" = Skins
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BB603E9F-ECE8-7713-B0AC-7E0614E8C058}" = Catalyst Control Center HydraVision Full
"{BE232D60-AEA5-502F-ACBF-9AC188A82C21}" = CCC Help Finnish
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C15C4AB5-EF5D-5050-273C-4636E3FBE301}" = CCC Help Czech
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint 2.0
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 1.0
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow
"{DDA3C325-47B2-4730-9672-BF3771C08799}_is1" = XMedia Recode Version 3.1.2.0
"{E09CD13D-7CE3-351C-1625-8DC7F21A99C0}" = ccc-core-static
"{E337B156-DF81-48D8-8977-B1574EE87BCF}" = USB2.0 Capture Device
"{E373E0E2-20F5-90DF-B315-615EA6E52101}" = Catalyst Control Center Graphics Full Existing
"{E6DA746E-1175-88BD-2B16-1DC62018E060}" = CCC Help Chinese Standard
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F053BFD9-4357-6A82-6042-CF919667448F}" = CCC Help English
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F17EB02C-DA0D-EDEF-2E16-501FB700A710}" = CCC Help Hungarian
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5DDC0CD-F13A-83F0-5103-563A17EA306F}" = CCC Help Korean
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"CCleaner" = CCleaner
"Europe MapleStory_is1" = Europe MapleStory
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.1
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.1.320
"HD Tune_is1" = HD Tune 2.55
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3tag" = Mp3tag v2.52
"NIS" = Norton Internet Security
"Origin" = Origin
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 8" = TeamViewer 8
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Spotify" = Spotify
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 10.05.2013 14:49:18 | Computer Name = Computer | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 11.05.2013 09:40:41 | Computer Name = Computer | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 11.05.2013 10:27:07 | Computer Name = Computer | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 11.05.2013 15:50:42 | Computer Name = Computer | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 11.05.2013 15:50:43 | Computer Name = Computer | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2495283
Error - 11.05.2013 15:50:43 | Computer Name = Computer | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2495283
Error - 12.05.2013 04:32:19 | Computer Name = Computer | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 14.05.2013 03:46:10 | Computer Name = Computer | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 15.05.2013 08:49:25 | Computer Name = Computer | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 15.05.2013 09:24:10 | Computer Name = Computer | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 16.05.2013 05:40:32 | Computer Name = Computer | Source = Customer Experience Improvement Program | ID = 1008
Description =
[ System Events ]
Error - 25.11.2012 10:43:10 | Computer Name = Computer | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error - 29.11.2012 08:27:20 | Computer Name = Computer | Source = DCOM | ID = 10010
Description =
Error - 05.12.2012 08:57:27 | Computer Name = Computer | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?05.?12.?2012 um 13:56:01 unerwartet heruntergefahren.
Error - 05.12.2012 15:14:22 | Computer Name = Computer | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error - 05.12.2012 15:14:22 | Computer Name = Computer | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error - 05.12.2012 15:14:23 | Computer Name = Computer | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error - 05.12.2012 15:14:23 | Computer Name = Computer | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error - 05.12.2012 15:14:24 | Computer Name = Computer | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error - 06.12.2012 14:02:26 | Computer Name = Computer | Source = i8042prt | ID = 327720
Description = Beim Ermitteln der Gerätekennung der Maus ist ein Fehler aufgetreten.
Error - 06.12.2012 14:04:41 | Computer Name = Computer | Source = WMPNetworkSvc | ID = 866300
Description =
< End of report >
Schritt 3 Gmer.txt Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-05-17 11:39:53
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 FUJITSU_MHY2200BH rev.0000000B 186,31GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Philipp\AppData\Local\Temp\pgddqpoc.sys
---- System - GMER 2.1 ----
SSDT 86400BC8 ZwAlertResumeThread
SSDT 86400CA8 ZwAlertThread
SSDT 864017F8 ZwAllocateVirtualMemory
SSDT 85C42178 ZwAlpcConnectPort
SSDT 86400370 ZwAssignProcessToJobObject
SSDT 86400918 ZwCreateMutant
SSDT 86400090 ZwCreateSymbolicLinkObject
SSDT 86401D00 ZwCreateThread
SSDT 86400180 ZwCreateThreadEx
SSDT 86400450 ZwDebugActiveProcess
SSDT 864019C8 ZwDuplicateObject
SSDT 864015B0 ZwFreeVirtualMemory
SSDT 86400A08 ZwImpersonateAnonymousToken
SSDT 86400AE8 ZwImpersonateThread
SSDT 85B31308 ZwLoadDriver
SSDT 864014B0 ZwMapViewOfSection
SSDT 86400838 ZwOpenEvent
SSDT 86401BA8 ZwOpenProcess
SSDT 864018E8 ZwOpenProcessToken
SSDT 86400678 ZwOpenSection
SSDT 86401AB8 ZwOpenThread
SSDT 86400280 ZwProtectVirtualMemory
SSDT 86400D88 ZwResumeThread
SSDT 86400008 ZwSetContextThread
SSDT 864012E0 ZwSetInformationProcess
SSDT 86400530 ZwSetSystemInformation
SSDT 86400758 ZwSuspendProcess
SSDT 86400E68 ZwSuspendThread
SSDT 85DF9220 ZwTerminateProcess
SSDT 86400F48 ZwTerminateThread
SSDT 864013D0 ZwUnmapViewOfSection
SSDT 864016A0 ZwWriteVirtualMemory
---- Kernel code sections - GMER 2.1 ----
.text ntoskrnl.exe!ZwRollbackEnlistment + 140D 82C399A9 1 Byte [06]
.text ntoskrnl.exe!KiDispatchInterrupt + 5A2 82C594F2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntoskrnl.exe!KeRemoveQueueEx + 13A3 82C60778 5 Bytes [C8, 0B, 40, 86, A8]
.text ntoskrnl.exe!KeRemoveQueueEx + 13A9 82C6077E 2 Bytes [40, 86]
.text ntoskrnl.exe!KeRemoveQueueEx + 13BB 82C60790 4 Bytes [F8, 17, 40, 86]
.text ntoskrnl.exe!KeRemoveQueueEx + 13C7 82C6079C 4 Bytes [78, 21, C4, 85]
.text ntoskrnl.exe!KeRemoveQueueEx + 141B 82C607F0 4 Bytes [70, 03, 40, 86]
.text ...
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x9402A000, 0x267978, 0xE8000020]
---- Threads - GMER 2.1 ----
Thread System [4:1144] A61E2F2E
---- EOF - GMER 2.1 ----
 |
|
17.05.2013, 11:37
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | e-ligatus-com, FireFox öffnet unaufgefordert dubiose Internetseite Hallo und
__________________ Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die jemals fündig geworden? Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520 Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!  Lesestoff:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
|
17.05.2013, 11:59
| #3 |
| | e-ligatus-com, FireFox öffnet unaufgefordert dubiose Internetseite Mein Antivirenprogramm (Norton) hat nicht Alarm geschlagen, was drüberlaufen lassen habe ich nicht. War gestern Abend schon spät und da hab ich nach mehrmaligem Aufpoppen des Links gegooglet, bin bei euch gelandet und hab lediglich die Schritte die oben aufgelistet sind, ausgeführt.
__________________Ältere Logs habe ich keine. Zu deiner Aufforderung "Posten in CODE-Tags": Hab ich da was falsch gemacht? Für mich sieht das korrekt aus  |
|
17.05.2013, 12:14
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | e-ligatus-com, FireFox öffnet unaufgefordert dubiose Internetseite JRT - Junkware Removal Tool Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Im Anschluss: adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Danach eine Kontrolle mit OTL bitte:
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
17.05.2013, 15:07
| #5 |
| | e-ligatus-com, FireFox öffnet unaufgefordert dubiose Internetseite So, hier die Logfiles: JRT.txt Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x86
Ran by Philipp on 17.05.2013 at 15:46:38,06
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
Successfully deleted: [File] C:\eula.1028.txt
Successfully deleted: [File] C:\eula.1031.txt
Successfully deleted: [File] C:\eula.1033.txt
Successfully deleted: [File] C:\eula.1036.txt
Successfully deleted: [File] C:\eula.1040.txt
Successfully deleted: [File] C:\eula.1041.txt
Successfully deleted: [File] C:\eula.1042.txt
Successfully deleted: [File] C:\eula.1049.txt
Successfully deleted: [File] C:\eula.2052.txt
Successfully deleted: [File] C:\install.res.1028.dll
Successfully deleted: [File] C:\install.res.1031.dll
Successfully deleted: [File] C:\install.res.1033.dll
Successfully deleted: [File] C:\install.res.1036.dll
Successfully deleted: [File] C:\install.res.1040.dll
Successfully deleted: [File] C:\install.res.1041.dll
Successfully deleted: [File] C:\install.res.1042.dll
Successfully deleted: [File] C:\install.res.1049.dll
Successfully deleted: [File] C:\install.res.2052.dll
Successfully deleted: [File] C:\install.res.3082.dll
~~~ Folders
Successfully deleted: [Folder] "C:\Users\Philipp\AppData\Roaming\dvdvideosoftiehelpers"
Successfully deleted: [Folder] "C:\Users\Philipp\AppData\Roaming\pdfforge"
~~~ FireFox
Successfully deleted: [File] "C:\Program Files\Mozilla Firefox\searchplugins\safesearch.xml"
Successfully deleted: [File] C:\Users\Philipp\AppData\Roaming\mozilla\firefox\profiles\6j1vn3ai.default\searchplugins\safesearch.xml
Successfully deleted: [Folder] C:\Users\Philipp\AppData\Roaming\mozilla\firefox\profiles\6j1vn3ai.default\extensions\staged
Emptied folder: C:\Users\Philipp\AppData\Roaming\mozilla\firefox\profiles\6j1vn3ai.default\minidumps [545 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 17.05.2013 at 15:49:19,18
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
AdwCleaner Code:
ATTFilter # AdwCleaner v2.301 - Datei am 17/05/2013 um 15:50:22 erstellt
# Aktualisiert am 16/05/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : Philipp - COMPUTER
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Philipp\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\6j1vn3ai.default\foxydeal.sqlite
Ordner Gelöscht : C:\Program Files\Common Files\DVDVideoSoft\TB
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
***** [Internet Browser] *****
-\\ Internet Explorer v10.0.9200.16576
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v20.0.1 (de)
Datei : C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\6j1vn3ai.default\prefs.js
[OK] Die Datei ist sauber.
Datei : C:\Users\Silvana\AppData\Roaming\Mozilla\Firefox\Profiles\y1ecqtvh.default\prefs.js
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S1].txt - [1172 octets] - [17/05/2013 15:50:22]
########## EOF - C:\AdwCleaner[S1].txt - [1232 octets] ##########
OTL.txt Code:
ATTFilter OTL logfile created on: 17.05.2013 15:55:16 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Philipp\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16576) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,75 Gb Total Physical Memory | 1,14 Gb Available Physical Memory | 65,46% Memory free 3,50 Gb Paging File | 2,82 Gb Available in Paging File | 80,75% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 186,21 Gb Total Space | 81,43 Gb Free Space | 43,73% Space Free | Partition Type: NTFS Computer Name: COMPUTER | User Name: Philipp | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Philipp\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Users\Philipp\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd) PRC - C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Programme\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe (Symantec Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\8bb2120d5a48b10e27fe82ad5d3fb982\System.Web.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d908c91e24616e6b8d38c9da61038b25\Accessibility.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3309.28601__90ba9c70f846762e\LOG.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3309.28603__90ba9c70f846762e\NEWAEM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3309.28626__90ba9c70f846762e\MOM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3309.28604__90ba9c70f846762e\CLI.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3693.42531__90ba9c70f846762e\MOM.Implementation.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3693.42530__90ba9c70f846762e\LOG.Foundation.Implementation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3693.42441__90ba9c70f846762e\CLI.Component.SkinFactory.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3309.28614__90ba9c70f846762e\LOG.Foundation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3309.28626__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll () MOD - C:\Windows\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll () MOD - C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3693.42531__90ba9c70f846762e\CCC.Implementation.dll () MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll () ========== Services (SafeList) ========== SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (TeamViewer8) -- C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) SRV - (NIS) -- C:\Program Files\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe (Symantec Corporation) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (EagleXNt) -- C:\Windows\system32\drivers\EagleXNt.sys File not found DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\BASHDefs\20130502.001\BHDrvx86.sys (Symantec Corporation) DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20130516.025\NAVEX15.SYS (Symantec Corporation) DRV - (eeCtrl) -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation) DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20130516.025\NAVENG.SYS (Symantec Corporation) DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\IPSDefs\20130516.001\IDSvix86.sys (Symantec Corporation) DRV - (EraserUtilRebootDrv) -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation) DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation) DRV - (SRTSP) -- C:\Windows\System32\drivers\NIS\1309010.00E\srtsp.sys (Symantec Corporation) DRV - (SRTSPX) -- C:\Windows\System32\drivers\NIS\1309010.00E\srtspx.sys (Symantec Corporation) DRV - (ccSet_NIS) -- C:\Windows\System32\drivers\NIS\1309010.00E\ccsetx86.sys (Symantec Corporation) DRV - (SymEFA) -- C:\Windows\System32\drivers\NIS\1309010.00E\symefa.sys (Symantec Corporation) DRV - (SymNetS) -- C:\Windows\System32\drivers\NIS\1309010.00E\symnets.sys (Symantec Corporation) DRV - (SymIRON) -- C:\Windows\System32\drivers\NIS\1309010.00E\ironx86.sys (Symantec Corporation) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (SymDS) -- C:\Windows\System32\drivers\NIS\1309010.00E\symds.sys (Symantec Corporation) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys () DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corp) DRV - (AtiPcie) -- C:\Windows\System32\drivers\AtiPcie.sys (ATI Technologies Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3008372699-3515462639-1166341988-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-3008372699-3515462639-1166341988-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-3008372699-3515462639-1166341988-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\S-1-5-21-3008372699-3515462639-1166341988-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2B 16 C3 49 17 F0 CD 01 [binary data] IE - HKU\S-1-5-21-3008372699-3515462639-1166341988-1001\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3008372699-3515462639-1166341988-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKU\S-1-5-21-3008372699-3515462639-1166341988-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-3008372699-3515462639-1166341988-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3008372699-3515462639-1166341988-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130402 FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.8 FF - prefs.js..extensions.enabledAddons: %7BBBDA0591-3099-440a-AA10-41764D9DB4DB%7D:11.3.0.9%20-%205 FF - prefs.js..extensions.enabledAddons: %7B2D3F3651-74B9-4795-BDEC-6DA2F431CB62%7D:2012.5.14.2 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1 FF - prefs.js..network.proxy.backup.ftp: "200.89.155.203" FF - prefs.js..network.proxy.backup.ftp_port: 8080 FF - prefs.js..network.proxy.backup.socks: "200.89.155.203" FF - prefs.js..network.proxy.backup.socks_port: 8080 FF - prefs.js..network.proxy.backup.ssl: "200.89.155.203" FF - prefs.js..network.proxy.backup.ssl_port: 8080 FF - prefs.js..network.proxy.ftp: "200.89.155.203" FF - prefs.js..network.proxy.ftp_port: 8080 FF - prefs.js..network.proxy.http: "200.89.155.203" FF - prefs.js..network.proxy.http_port: 8080 FF - prefs.js..network.proxy.no_proxies_on: "" FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: "200.89.155.203" FF - prefs.js..network.proxy.socks_port: 8080 FF - prefs.js..network.proxy.ssl: "200.89.155.203" FF - prefs.js..network.proxy.ssl_port: 8080 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\IPSFFPlgn\ [2012.07.11 15:44:50 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\coFFPlgn\ [2013.05.17 15:54:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.05.06 16:15:54 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.07.10 18:19:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Philipp\AppData\Roaming\mozilla\Extensions [2013.05.17 15:48:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\6j1vn3ai.default\extensions [2013.04.02 21:37:29 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\6j1vn3ai.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013.04.05 21:53:18 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\6j1vn3ai.default\extensions\ich@maltegoetz.de [2013.05.08 19:07:28 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Philipp\AppData\Roaming\mozilla\firefox\profiles\6j1vn3ai.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.05.06 16:15:54 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2013.05.17 15:54:18 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\COFFPLGN [2012.07.11 15:44:50 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\IPSFFPLGN [2013.04.10 08:57:39 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2013.04.10 10:18:46 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.04.10 10:18:46 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2013.04.10 10:18:46 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2013.04.10 10:18:46 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2013.04.10 10:18:46 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2013.04.10 10:18:46 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton Internet Security\Engine\19.9.1.14\coieplg.dll (Symantec Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton Internet Security\Engine\19.9.1.14\ips\ipsbho.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Engine\19.9.1.14\coieplg.dll (Symantec Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe () O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\S-1-5-21-3008372699-3515462639-1166341988-1001..\Run: [Power2GoExpress] NA File not found O4 - HKU\S-1-5-21-3008372699-3515462639-1166341988-1001..\Run: [Spotify Web Helper] C:\Users\Philipp\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Philipp\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Programme\ICQ7M\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Programme\ICQ7M\ICQ.exe (ICQ, LLC.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0422543C-2CBB-408C-99AE-684A0D413F2D}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E398825B-550D-4530-90B6-CA72F60E7489}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{1a9a8e92-e969-11e1-aa85-001377642a33}\Shell - "" = AutoRun O33 - MountPoints2\{1a9a8e92-e969-11e1-aa85-001377642a33}\Shell\AutoRun\command - "" = E:\Startme.exe O33 - MountPoints2\{d3c5b833-eb65-11e1-a442-001377642a33}\Shell - "" = AutoRun O33 - MountPoints2\{d3c5b833-eb65-11e1-a442-001377642a33}\Shell\AutoRun\command - "" = E:\HTC_Sync_Manager_PC.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.05.17 15:46:33 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.05.17 15:46:25 | 000,000,000 | ---D | C] -- C:\JRT [2013.05.17 15:42:22 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Philipp\Desktop\JRT.exe [2013.05.17 10:41:13 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Philipp\Desktop\OTL.exe [2013.05.15 17:05:23 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013.05.15 17:05:22 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2013.05.15 17:05:21 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2013.05.15 17:05:21 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2013.05.15 17:05:20 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2013.05.15 17:05:19 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2013.05.15 17:05:19 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2013.05.15 17:05:19 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2013.05.15 17:05:18 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2013.05.15 17:05:18 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe [2013.05.15 13:22:51 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wwanprotdim.dll [2013.05.15 13:22:45 | 002,347,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2013.05.15 13:22:34 | 000,218,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys [2013.05.15 13:22:27 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll [2013.05.15 13:22:27 | 000,101,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe [2013.05.14 13:02:27 | 000,000,000 | ---D | C] -- C:\Users\Philipp\Desktop\01 play3-Show 06-2013 [2013.05.09 11:14:22 | 000,000,000 | RH-D | C] -- C:\Users\Philipp\AppData\Roaming\SecuROM [2013.05.09 11:14:03 | 000,000,000 | ---D | C] -- C:\Users\Philipp\Documents\Electronic Arts [2013.05.06 19:01:24 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core [2013.05.06 18:28:55 | 000,447,752 | ---- | C] (On2.com) -- C:\Windows\System32\vp6vfw.dll [2013.05.06 18:27:42 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll [2013.05.06 16:35:27 | 000,000,000 | ---D | C] -- C:\Program Files\Origin Games [2013.05.06 16:35:27 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\Origin [2013.05.06 16:35:20 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Local\Origin [2013.05.06 16:33:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin [2013.05.06 16:33:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin [2013.05.06 16:33:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts [2013.05.06 16:32:49 | 000,000,000 | ---D | C] -- C:\Program Files\Origin [2013.05.04 15:39:58 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games [2013.05.04 15:39:11 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maxis [2013.05.04 15:39:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maxis [2013.05.04 15:22:28 | 000,000,000 | ---D | C] -- C:\Program Files\Maxis [2013.04.30 23:14:14 | 000,745,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe [2013.04.30 23:14:14 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll [2013.04.30 23:14:13 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2013.04.30 23:14:13 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat [2013.04.30 23:14:13 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll [2013.04.30 23:14:13 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2013.04.30 23:14:13 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2013.04.30 23:14:13 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll [2013.04.30 23:14:13 | 000,242,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2013.04.30 23:14:13 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2013.04.30 23:14:13 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll [2013.04.30 23:14:13 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll [2013.04.30 23:14:13 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll [2013.04.30 23:14:13 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe [2013.04.30 23:14:13 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe [2013.04.30 23:14:13 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2013.04.30 23:14:13 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2013.04.30 23:14:13 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll [2013.04.30 23:14:13 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll [2013.04.30 23:14:13 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe [2013.04.30 23:14:13 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll [2013.04.30 23:14:13 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll [2013.04.30 23:14:13 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2013.04.30 23:14:13 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll [2013.04.30 23:14:13 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2013.04.30 23:14:13 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2013.04.18 16:49:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\USB2.0 Capture Device [2013.04.18 10:52:56 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft [2013.04.18 10:52:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.05.17 15:52:36 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.05.17 15:52:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.05.17 15:51:58 | 1407,848,448 | -HS- | M] () -- C:\hiberfil.sys [2013.05.17 15:43:36 | 000,632,031 | ---- | M] () -- C:\Users\Philipp\Desktop\adwcleaner.exe [2013.05.17 15:42:43 | 000,014,336 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.05.17 15:42:43 | 000,014,336 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.05.17 15:42:24 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Philipp\Desktop\JRT.exe [2013.05.17 13:11:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.05.17 12:31:00 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.05.17 10:59:09 | 000,377,856 | ---- | M] () -- C:\Users\Philipp\Desktop\gmer_2.1.19163.exe [2013.05.17 10:41:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Philipp\Desktop\OTL.exe [2013.05.17 10:37:55 | 000,000,000 | ---- | M] () -- C:\Users\Philipp\defogger_reenable [2013.05.17 10:35:47 | 000,050,477 | ---- | M] () -- C:\Users\Philipp\Desktop\Defogger.exe [2013.05.17 10:13:40 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.05.17 10:13:40 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.05.17 10:13:40 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.05.17 10:13:40 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.05.16 22:34:51 | 000,387,289 | ---- | M] () -- C:\Users\Philipp\Desktop\Unbenannt.png [2013.05.16 12:28:25 | 013,949,173 | ---- | M] () -- C:\Users\Philipp\Desktop\Cannonball (Original Mix).mp3 [2013.05.15 18:20:43 | 000,436,344 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.05.15 16:34:32 | 136,507,586 | ---- | M] () -- C:\Users\Philipp\Desktop\Hardwell at Ultra Music Festival 2013.mp3 [2013.05.15 16:33:21 | 234,977,676 | ---- | M] () -- C:\Users\Philipp\Desktop\Tomorrowland 2013 - Official WarmUp.mp3 [2013.05.15 16:11:27 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013.05.15 16:11:27 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2013.05.14 10:37:14 | 015,049,642 | ---- | M] () -- C:\Users\Philipp\Desktop\The Playbook by Barney Stinson.pdf [2013.05.10 16:48:35 | 000,001,136 | ---- | M] () -- C:\Users\Philipp\Desktop\TeamViewer 8.lnk [2013.05.06 18:27:38 | 000,002,246 | ---- | M] () -- C:\Users\Public\Desktop\Die*Sims™*3.lnk [2013.05.06 18:25:24 | 000,447,752 | ---- | M] (On2.com) -- C:\Windows\System32\vp6vfw.dll [2013.05.06 16:33:06 | 000,000,941 | ---- | M] () -- C:\Users\Philipp\Desktop\Origin.lnk [2013.05.04 15:39:07 | 000,000,578 | ---- | M] () -- C:\Windows\eReg.dat [2013.04.30 23:14:14 | 000,745,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe [2013.04.30 23:14:14 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll [2013.04.30 23:14:13 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2013.04.30 23:14:13 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat [2013.04.30 23:14:13 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll [2013.04.30 23:14:13 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2013.04.30 23:14:13 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2013.04.30 23:14:13 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll [2013.04.30 23:14:13 | 000,242,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2013.04.30 23:14:13 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2013.04.30 23:14:13 | 000,226,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll [2013.04.30 23:14:13 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll [2013.04.30 23:14:13 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll [2013.04.30 23:14:13 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe [2013.04.30 23:14:13 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe [2013.04.30 23:14:13 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2013.04.30 23:14:13 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2013.04.30 23:14:13 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll [2013.04.30 23:14:13 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll [2013.04.30 23:14:13 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe [2013.04.30 23:14:13 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll [2013.04.30 23:14:13 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll [2013.04.30 23:14:13 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2013.04.30 23:14:13 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll [2013.04.30 23:14:13 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf [2013.04.30 23:14:13 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2013.04.30 23:14:13 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.05.17 15:43:33 | 000,632,031 | ---- | C] () -- C:\Users\Philipp\Desktop\adwcleaner.exe [2013.05.17 10:59:04 | 000,377,856 | ---- | C] () -- C:\Users\Philipp\Desktop\gmer_2.1.19163.exe [2013.05.17 10:37:55 | 000,000,000 | ---- | C] () -- C:\Users\Philipp\defogger_reenable [2013.05.17 10:35:45 | 000,050,477 | ---- | C] () -- C:\Users\Philipp\Desktop\Defogger.exe [2013.05.16 22:34:51 | 000,387,289 | ---- | C] () -- C:\Users\Philipp\Desktop\Unbenannt.png [2013.05.16 12:25:40 | 013,949,173 | ---- | C] () -- C:\Users\Philipp\Desktop\Cannonball (Original Mix).mp3 [2013.05.14 14:07:03 | 136,507,586 | ---- | C] () -- C:\Users\Philipp\Desktop\Hardwell at Ultra Music Festival 2013.mp3 [2013.05.14 13:39:52 | 234,977,676 | ---- | C] () -- C:\Users\Philipp\Desktop\Tomorrowland 2013 - Official WarmUp.mp3 [2013.05.14 10:33:21 | 015,049,642 | ---- | C] () -- C:\Users\Philipp\Desktop\The Playbook by Barney Stinson.pdf [2013.05.10 16:48:35 | 000,001,136 | ---- | C] () -- C:\Users\Philipp\Desktop\TeamViewer 8.lnk [2013.05.10 16:46:37 | 000,001,136 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk [2013.05.06 18:27:36 | 000,002,246 | ---- | C] () -- C:\Users\Public\Desktop\Die*Sims™*3.lnk [2013.05.06 16:33:06 | 000,000,941 | ---- | C] () -- C:\Users\Philipp\Desktop\Origin.lnk [2013.05.04 15:39:07 | 000,000,578 | ---- | C] () -- C:\Windows\eReg.dat [2013.04.30 23:14:13 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf [2012.09.01 16:49:51 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2012.07.29 20:09:21 | 000,002,698 | ---- | C] () -- C:\Users\Philipp\AppData\Local\recently-used.xbel [2012.07.12 18:59:36 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI [2012.07.12 18:59:36 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2012.07.11 14:56:03 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.04.19 09:08:46 | 141,590,843 | ---- | C] () -- C:\Program Files\openofficeorg1.cab [2012.04.19 08:59:52 | 000,473,600 | ---- | C] () -- C:\Program Files\setup.exe [2012.04.19 08:59:50 | 000,000,290 | ---- | C] () -- C:\Program Files\setup.ini [2012.04.19 08:59:48 | 003,125,248 | ---- | C] () -- C:\Program Files\openofficeorg34.msi ========== ZeroAccess Check ========== [2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 04:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > Extras.txt Code:
ATTFilter OTL Extras logfile created on: 17.05.2013 15:55:16 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Philipp\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,75 Gb Total Physical Memory | 1,14 Gb Available Physical Memory | 65,46% Memory free
3,50 Gb Paging File | 2,82 Gb Available in Paging File | 80,75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 186,21 Gb Total Space | 81,43 Gb Free Space | 43,73% Space Free | Partition Type: NTFS
Computer Name: COMPUTER | User Name: Philipp | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-3008372699-3515462639-1166341988-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{112D5523-102F-4858-91C0-147E5F9C1EA9}" = lport=445 | protocol=6 | dir=in | app=system |
"{15C99FC5-541E-4075-943D-E0E414339735}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{1EEC5D51-13A8-4AD3-81BC-7AF09C482F10}" = lport=2869 | protocol=6 | dir=in | app=system |
"{271F4A1E-ED84-4757-AEF6-FB5F694EBD66}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3C26D654-74FB-43D9-B767-E189E88C92FC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3CA90D9B-FD9D-485B-9525-7E5F199A7D3E}" = rport=139 | protocol=6 | dir=out | app=system |
"{447C2355-3C8C-4933-91CC-6BAD7CE5A3B8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{47ACFC59-8F32-4090-8947-CCEC38447FAB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5582B9D2-40B8-466F-9863-68FB76E72540}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6B061F37-8F21-4997-90DB-8B0783E13814}" = lport=10243 | protocol=6 | dir=in | app=system |
"{7A562732-51DB-4AC7-B768-78A861A08EFB}" = lport=139 | protocol=6 | dir=in | app=system |
"{80F321B8-78C7-407D-B489-526B2E00A267}" = lport=138 | protocol=17 | dir=in | app=system |
"{845C350C-ADE9-43F0-A919-A5201930465B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8937517C-BE00-4994-92AB-36EF61897A17}" = lport=137 | protocol=17 | dir=in | app=system |
"{8A3E6FB7-F7BC-4E95-B5D6-5CDC59B5B253}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9D47EB70-CD16-49A4-AAC9-B8740189EF87}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B81717A2-5279-4137-B4E9-F1A32FBCFD5A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C00A7B61-BB39-4DBC-A652-1933243CAF4E}" = rport=138 | protocol=17 | dir=out | app=system |
"{C145BF46-D6B0-4461-8CCC-E0FAE4CFAD2A}" = rport=137 | protocol=17 | dir=out | app=system |
"{C3D5597A-1911-4B5F-AC64-9BCD9DACC994}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EA0D5A43-CD0E-4B1C-A785-A55BC893ECCE}" = rport=445 | protocol=6 | dir=out | app=system |
"{F2D2CAC6-9FCF-413D-888F-EE8173EE4A24}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F6396439-3A88-4835-9B58-225BAE1BDC43}" = rport=10243 | protocol=6 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0539C5D9-C96D-4C32-87C2-B9C320132379}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe |
"{13B552B1-E0AE-40EB-8311-9BD0358EF008}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{156FAE62-E997-40EA-9B55-2E24F5D78952}" = protocol=17 | dir=in | app=c:\program files\icq7m\icq.exe |
"{1613CCFC-5F2D-4339-848D-4AC9F4A7C784}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{19090D4B-9FD2-48A4-99C6-4AA1AEFEC26D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{1A15AD5C-B39F-457B-83E8-C788E9395DA7}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe |
"{1C7DD64C-A1B1-4D75-9765-0003D225087E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1F842C06-6F6E-463B-B4D4-1E150DB61373}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{2363E4B4-E2FE-43F2-A02A-7BB4BA5FC74E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2A328493-1236-4B76-B687-EAA54A13B9A3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2FBDEE85-60B5-4E60-9D5C-075EE53CE837}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{3769AED6-E113-4771-ABF5-DD6EA729F04A}" = dir=in | name=youtubecdn |
"{3806AA95-DFED-4F8D-B058-906135059F47}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3B1761F5-120A-4637-89BB-81196F3B2889}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{4F1215EE-4405-45B8-8413-660F805E8BCD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{50349AA2-9A6F-44B3-BBDC-C008DCDAEBCB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{566DC68B-42EE-4FB3-B6C3-C7B566D34C97}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{5F9E6C56-BF2F-455B-86EE-3AAEEC2274E4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6D1C27D1-AFB5-430E-9CFA-99DBD8915945}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{6F52C18B-C019-4C5E-BE33-F580C2359238}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{6FA5CF64-4980-4BB8-A94F-9BECA0B6A3CC}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe |
"{7CB08A22-B870-439E-A29E-13135A791118}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7E0115E0-0EBF-43F8-A1F3-A41A178C478E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7FADBECD-10F9-40A8-A719-5AE11DB41A1E}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{865D08F9-6A9E-4C1B-8F8E-55F6C9372C41}" = protocol=6 | dir=in | app=c:\program files\icq7m\icq.exe |
"{98F84E52-9BA4-4035-96B2-ABAC11836CA3}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe |
"{9F752237-AB26-4B86-867A-324A6BD8C7FE}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{A5089C7D-EECB-4430-8174-ABAF4528551F}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{AAC3FADF-3836-4BD8-9022-F222D4968FFC}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{ACCADBDE-9C5C-4824-AA9E-B32AE21D2D11}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{AE095EF9-E86F-4D6F-BE08-57CDBDB2F916}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{B3D3540D-DAD9-4A1C-858F-1E3895AA2D6A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C0D130F4-7009-4B81-BEB8-66A2BDD4CFE0}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{C0FD0A48-6BD2-4CFD-BE34-3D378A141C11}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CD6E3048-9549-4616-BFFE-1FA2BBC26F99}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe |
"{CF288D36-F1D1-4877-A98C-4F3E5C394E49}" = protocol=6 | dir=in | app=c:\program files\icq7m\icq.exe |
"{D84213EA-A57A-4643-9977-114629AD3EA9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E3C8CB81-F3ED-4AF9-B3FD-9A6768A5B44F}" = protocol=6 | dir=out | app=system |
"{E4E34717-59B7-4D25-BFF6-2ED3BE19EB4C}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{EBF3A48A-108D-4780-9926-7730F9B18120}" = protocol=17 | dir=in | app=c:\program files\icq7m\icq.exe |
"{FCDC3C63-21FB-4585-8444-AD13CB267188}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{44F9F3EC-294F-4556-8609-A967F094A53A}C:\users\philipp\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\philipp\appdata\roaming\spotify\spotify.exe |
"TCP Query User{C0409DBF-E64F-4486-93BF-2DD2B4AB9B2C}C:\program files\icq7m\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7m\icq.exe |
"UDP Query User{3F06408D-1DFB-4920-AEEF-C092722903F6}C:\program files\icq7m\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7m\icq.exe |
"UDP Query User{FF68D683-7299-42F2-8C81-E83AA58FC703}C:\users\philipp\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\philipp\appdata\roaming\spotify\spotify.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{0FFAC7BB-50DC-CB54-6CA7-A8B74513280B}" = CCC Help Chinese Traditional
"{10798AE3-DCBB-43C3-9C93-C23512427E25}" = Die Sims Deluxe
"{1C802083-6D79-78ED-BF1C-601DDF908DD1}" = Catalyst Control Center Core Implementation
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{282C4EAA-F162-F52F-7BAF-C7B50DAAA00A}" = ccc-utility
"{28728178-FF15-218B-0B63-012692F42C28}" = CCC Help Danish
"{32851025-1E46-83A3-1320-471619254E39}" = Catalyst Control Center Localization All
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40217B2F-462B-94A4-E84E-6A1C6EDBCE2F}" = CCC Help Swedish
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0
"{47FDEFC7-BFE6-FD75-41D1-28DD572BD2D9}" = ATI Catalyst Install Manager
"{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4
"{5343A801-92E5-C234-9F27-AB27EC738BF6}" = CCC Help Japanese
"{5D22226D-EBC1-C95F-7746-2E3A9F4C97BA}" = CCC Help Russian
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{600C37F2-098B-A165-C1DB-6AE2B89D8D49}" = Catalyst Control Center Graphics Previews Common
"{61F8CA2C-9A80-8A1B-D3B9-347530CB387F}" = CCC Help Norwegian
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{674B407D-EAB1-B6B6-F9BF-C34CEE4CD83F}" = Catalyst Control Center Graphics Light
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{69F411C5-4851-6DA9-EA4C-160BEF8788AA}" = CCC Help French
"{6DD27E54-2598-0FEC-7CE1-BE00924C0570}" = Catalyst Control Center Graphics Previews Vista
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{781B39EC-2E18-41FC-9B00-B84E4FFCA85F}" = ICQ7M
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7C27114E-6FC8-21F5-E501-FE48F09243DF}" = CCC Help Dutch
"{80237C20-CBF3-F841-4AD5-E727AA86FBD1}" = CCC Help Italian
"{802EE127-D32A-1447-09DC-77419772BCDC}" = CCC Help Portuguese
"{836AFA32-7B8B-2C19-99D9-36EF32B42EB8}" = CCC Help Thai
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CC68433-5837-4075-B81F-EA7E4F14CE60}" = iCloud
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{946942CB-D078-F33A-A3CD-27E0393507FD}" = CCC Help Turkish
"{9682B99B-BB28-AD37-CA50-C1CB5BFF0FA6}" = Catalyst Control Center Graphics Full New
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DBCF44B-77AC-81D8-0F8E-1E60D6330AC2}" = Catalyst Control Center InstallProxy
"{A02CC93A-134F-0319-1438-B1E895B52577}" = CCC Help German
"{A7E1ADB8-162B-7C33-60FB-0561A17BD876}" = CCC Help Spanish
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96EEF55-155C-552E-ABB1-6FDAEF5BD944}" = CCC Help Polish
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{ADB25FF0-AEC4-2CFB-130C-2C60D80C5934}" = CCC Help Greek
"{B04D5DA5-11DA-830C-85C6-0FF9185787E7}" = Skins
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BB603E9F-ECE8-7713-B0AC-7E0614E8C058}" = Catalyst Control Center HydraVision Full
"{BE232D60-AEA5-502F-ACBF-9AC188A82C21}" = CCC Help Finnish
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C15C4AB5-EF5D-5050-273C-4636E3FBE301}" = CCC Help Czech
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint 2.0
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 1.0
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow
"{DDA3C325-47B2-4730-9672-BF3771C08799}_is1" = XMedia Recode Version 3.1.2.0
"{E09CD13D-7CE3-351C-1625-8DC7F21A99C0}" = ccc-core-static
"{E337B156-DF81-48D8-8977-B1574EE87BCF}" = USB2.0 Capture Device
"{E373E0E2-20F5-90DF-B315-615EA6E52101}" = Catalyst Control Center Graphics Full Existing
"{E6DA746E-1175-88BD-2B16-1DC62018E060}" = CCC Help Chinese Standard
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F053BFD9-4357-6A82-6042-CF919667448F}" = CCC Help English
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F17EB02C-DA0D-EDEF-2E16-501FB700A710}" = CCC Help Hungarian
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5DDC0CD-F13A-83F0-5103-563A17EA306F}" = CCC Help Korean
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"CCleaner" = CCleaner
"Europe MapleStory_is1" = Europe MapleStory
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.1
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.1.320
"HD Tune_is1" = HD Tune 2.55
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3tag" = Mp3tag v2.52
"NIS" = Norton Internet Security
"Origin" = Origin
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 8" = TeamViewer 8
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3008372699-3515462639-1166341988-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Spotify" = Spotify
========== Last 20 Event Log Errors ==========
[ System Events ]
Error - 17.05.2013 09:52:38 | Computer Name = Computer | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht
\Device\NetBT_Tcpip_{0422543C-2CBB-408C-99AE-684A0D413F2D} vom Serverdienst nicht
gebunden werden. Der Serverdienst konnte nicht gestartet werden.
Error - 17.05.2013 09:52:38 | Computer Name = Computer | Source = NetBT | ID = 4321
Description = Der Name "COMPUTER :20" konnte nicht auf der Schnittstelle mit
IP-Adresse 192.168.1.3 registriert werden. Der Computer mit IP-Adresse 192.168.1.4
hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.
< End of report >
|
|
17.05.2013, 15:55
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | e-ligatus-com, FireFox öffnet unaufgefordert dubiose Internetseite Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Vollscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt: ESET Online Scanner
__________________ --> e-ligatus-com, FireFox öffnet unaufgefordert dubiose Internetseite |
|
17.05.2013, 21:11
| #7 |
| | e-ligatus-com, FireFox öffnet unaufgefordert dubiose Internetseite MalwareBytes-Logfile Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.05.17.05 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 10.0.9200.16576 Philipp :: COMPUTER [Administrator] 17.05.2013 18:09:33 mbam-log-2013-05-17 (18-09-33).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 379926 Laufzeit: 2 Stunde(n), 12 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=8442edead8e2554dabc4be6cfe16f978
# engine=13853
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-05-17 07:43:17
# local_time=2013-05-17 09:43:17 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3591 16777213 100 99 303054 131416382 0 0
# compatibility_mode=5893 16776574 100 94 26873822 120450988 0 0
# scanned=160171
# found=0
# cleaned=0
# scan_time=5159
Edit: Eset hab ich im Anschluss wieder entfernt. |
|
17.05.2013, 21:14
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | e-ligatus-com, FireFox öffnet unaufgefordert dubiose Internetseite Sieht soweit ok aus  Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat. Info: Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie ) Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird. Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
18.05.2013, 13:07
| #9 |
| | e-ligatus-com, FireFox öffnet unaufgefordert dubiose Internetseite Die Probleme sind nicht mehr aufgetreten, auch unter ICQ nicht. Deinen Tipp zu den Cookies werde ich mir zu Herzen nehmen! Ansonsten läuft das System rund. Weißt du denn, ob es sich tatsächlich um einen Virus o.Ä. gehandelt hat, oder waren die Maßnahmen alle eher "ins Blaue", nach dem Motto: "Wenn es was Schädliches war, müsste es nach der Keule definitiv weg sein."? Kann, bzw. soll ich die ganzen Programme (defogger, gmer, OTL, JRT, adwCleaner und MalwareBytes) einfach ganz normal deinstallieren, oder muss ich was beachten? Welche von denen machen für einen Laien auch ohne professionelle Anleitung noch Sinn (bspw. MalwareBytes)? Nochmals allerbesten Dank! Ihr seid echt klasse! |
|
19.05.2013, 02:28
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | e-ligatus-com, FireFox öffnet unaufgefordert dubiose Internetseite Dann wären wir durch! Falls du noch Lob oder Kritik loswerden möchtest => http://www.trojaner-board.de/lob-kritik-wuensche/ Die Programme, die hier zum Einsatz kamen, können alle wieder runter. Combofix entfernen (nur relevant wenn es hier benutzt wurde!) : Start/Ausführen (Tastenkombination WIN+R), dort den Befehl combofix /uninstall eintippen und ausführen Mit Hilfe von OTL kannst du auch viele andere Tools entfernen: Starte dazu einfach OTL und klicke auf Bereinigung. Dies wird die meisten Tools entfernen, die wir zur Bereinigung benötigt haben. Sollte etwas bestehen bleiben, bitte mit Rechtsklick --> Löschen entfernen. Malwarebytes zu behalten ist zu empfehlen. Kannst ja 1x im Monat damit einen Vollscan machen, aber immer vorher ans Update denken. Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden. Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern. Microsoftupdate Windows XP:Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren. Windows Vista/7: Start, Systemsteuerung, Windows-Update PDF-Reader aktualisieren Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast) Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader. Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers: Prüfen => Adobe - Flash Player Downloadlinks findest du hier => Browsers and Plugins - FilePony.de Alle Plugins im Firefox-Browser kannst du auch ganz einfach hier auf Aktualität prüfen => https://www.mozilla.org/de/plugincheck Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind. Java-Update Veraltete Java-Installationen sind ein großes Sicherheitsrisiko, daher solltest Du die alten Versionen deinstallieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software (bzw. Programme und Funktionen) und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
19.05.2013, 13:25
| #11 |
| | e-ligatus-com, FireFox öffnet unaufgefordert dubiose Internetseite Vielen, vielen Dank! Ihr seid spitze! |
|
| Themen zu e-ligatus-com, FireFox öffnet unaufgefordert dubiose Internetseite |
| applaus, autorun, battle.net, bho, bonjour, branding, browser, converter, e.ligatus.com, error, excel, firefox, flash player, format, home, install.exe, ligatus, logfile, maus, mozilla, object, origin, problem, registry, rundll, scan, security, software, spotify web helper, svchost.exe, symantec, teamspeak, udp, virus |
Linear-Darstellung
